

December 8, 2021
Severity
High
Analysis Summary
The IcedID banking trojan first appeared in the threat landscape in 2017 and has capabilities similar to those of other financial threats such as Gozi, Zeus, and Dridex. Researchers who first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks and intercepting and stealing financial information from victims. The lure arrives as a password-protected ZIP attachment whose contents ask the user to enable macros; enabling them leads to an installer DLL and the execution of IcedID.exe.
Impact
- Stealing Financial Information
- Exposure of Sensitive Data
Indicators of Compromise
Domain Name
- vopnoz[.]com
Filename
- girlNextDoor[.]jpg[.]dll
MD5
- 09f6293c7dc735b4bcda63ca6e3b4ea1
SHA-256
- f05e9edc503214f7826d228b888ddcfd5d78e922d540968eaf20c5cc03b8f2f3
SHA-1
- a77282826dcf172da5706fbc57312ac37992ace7
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
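As an added example (not part of the Rewterz alert), a small Python checker for the second remediation step: it hashes a file in one pass, compares the digests and the file name with the indicators above, and flags DNS log lines that reference the listed domain or a subdomain of it. The log line format and the file paths are assumptions.

```python
# Added example, not part of the Rewterz alert: check a file and DNS log
# lines against the IOCs published above (log format is an assumption).
import hashlib
from pathlib import Path

# Indicators copied from the alert, kept defanged as published.
IOC_HASHES = {
    "md5": "09f6293c7dc735b4bcda63ca6e3b4ea1",
    "sha1": "a77282826dcf172da5706fbc57312ac37992ace7",
    "sha256": "f05e9edc503214f7826d228b888ddcfd5d78e922d540968eaf20c5cc03b8f2f3",
}
IOC_FILENAME = "girlNextDoor[.]jpg[.]dll"
IOC_DOMAIN = "vopnoz[.]com"

def refang(indicator: str) -> str:
    """Turn the published '[.]' notation back into a real dotted name."""
    return indicator.replace("[.]", ".")

def file_hashes(path: str) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single read pass."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def match_file(path: str) -> list:
    """Return which of the alert's file indicators the given file matches."""
    hits = []
    if Path(path).name.lower() == refang(IOC_FILENAME).lower():
        hits.append("filename")
    hits += [alg for alg, val in file_hashes(path).items() if val == IOC_HASHES[alg]]
    return hits

def scan_dns_log(lines) -> list:
    """Return log lines that reference the alert's domain or a subdomain of it."""
    domain = refang(IOC_DOMAIN).lower()
    hits = []
    for line in lines:
        for token in line.lower().replace("[.]", ".").split():
            token = token.strip(",;\"'()")
            if token == domain or token.endswith("." + domain):
                hits.append(line)
                break
    return hits
```

A filename hit alone is weak evidence (the name is trivially changed); a hash hit on the same file is what should trigger containment.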